From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6044D138334 for ; Mon, 12 Nov 2018 23:47:25 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 75159E0BD2; Mon, 12 Nov 2018 23:47:21 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 02130E0BBE for ; Mon, 12 Nov 2018 23:47:20 +0000 (UTC) Received: from [10.128.5.198] (unknown [100.42.98.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: zmedico) by smtp.gentoo.org (Postfix) with ESMTPSA id 1D6E0335D00; Mon, 12 Nov 2018 23:47:19 +0000 (UTC) Subject: Re: [gentoo-dev] [PATCH] install-qa-check.d: Support QA{,_STRICT}_INSTALL_PATHS variables (bug 670902) To: gentoo-dev@lists.gentoo.org, Michael Orlitzky References: <20181112203344.611-1-zmedico@gentoo.org> <2f93eb4a-0fdf-ac1f-d40d-81a3b6a944e9@gentoo.org> <3260d441-53d5-3016-958a-d961af9f7ded@gentoo.org> From: Zac Medico Openpgp: preference=signencrypt Autocrypt: addr=zmedico@gentoo.org; prefer-encrypt=mutual; keydata= xsFNBFs7tmwBEADTzG+IcYtRfTfKryU7sUH7LlV1M+TdaCMfIkY4x6RyHXkaaqYuQ+U9HKn0 +m5FcZsZ1Ojik+We3Tz0F6kDbam6EWzBxmsLb/IHeUEsvsuLzuBQjiD9zzqGocZiPWr+uWJs AdbueS72R7FPXJPDUEPrJ9GdhGFyYARveY9cmdisOwcDOiSFfBjk3/89t4gROn4KUhezVuO9 VS14gVSns1561CJjlB47HkSBu4+FuzrfVygg4xitWAH119Ehw0vJcgkTw4Bqhk01Iw9us80m dFyU8JbJ0CVYe30gYKFFbnXoiT6xLLogKOkv0goPFxaXcMwWM9ei3SjAGVqgN6i8VnO7kquV LwkTe6ntEK0iY+l4qTKuyIOQLpCbWNI0eVwlx5b/pY2pt5TEGWAPMCZGjlidMx0aDcVX4oji 2/xegFAcxALrfOX3kj2FZ9kNAqLZu26AfqtslIqlBEAb5sZwPr351msBIdbaWX2UNw21I478 7eQ7UfohwXQHlXdhc/wop3VDkDzLBnvlK4ozSJI/9T5F/+9yEZvc6DKUWdEfD12o2El5hHan gCUQWDBKqZb1wcekK8KY2tmH8BBQi7k52IWYLJYfJdir/XpGm5SsDpf3zvDcIFXqFHAG7w7b fhriM+6oBOeIO9ew1Xj3swbRhDwdzRUhu7Uqayq1vdvKqGkgcQARAQABzSNaYWNoYXJ5IE1l ZGljbyA8em1lZGljb0BnZW50b28ub3JnPsLBlAQTAQgAPhYhBEdYrNjamv1GpqYECtYQzzch 54rNBQJbO7cRAhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJENYQzzch54rN dr8P/0GA7TSMQFmrLPYdhevMmL4i+xWv4nlVqw0WRzJA+4M/Dw6mG/scqm+sQiRzyWgMUwJv EdC3KunW1deE3b2zZROgrTDL2DZiUdj3bhG3TBdnbx189G/DhTvDiW7u5DrOwWGrjFuOBBdR acjjGU5EnWJ0aihjBkkX1AeBFeq2rFD7zOnERGa+yJNWwIlX/PYTgJiixK6+qQFqPXH9xaxw iaE9nShXlbas4CM5q78PwxjLQALSjKHpA3lA0u68hCZZT623RDq2elhVNBTSS2JpAJ+NbU7z JY7129p6vmVLBTeZ52piTjekTKLngIk2TppIc9XoO9344qYdC+1RJhIQRf+QCpMoy6YaKdTV U7rX/+pK9QtngaEIHfiGch5SVGxKxGlIsjONgjWC471KhwAJjKABxNmEcfJvbUKYxEPlJspo 3oG53ki79ymrccMPs54R65CBKr6eF8zKhqjZPozjc32weMMEYwA2dY+GMx4lTn5y7FaG6RAt 2wyb678KTKJi+ITPFAOUzVJhl6S9mk1RVSoqj6nvEgJ26h4Xrrh9FsoFmxUDsakGQv93CrxG 0srAezKH1duSZ//FMq3XP7JHPgw0yGphSTTt6hyE6jRqRxJOJ+/5vlqGSg0K7KBQoWJPwTQs XRfqYOMzQ90dQFdvF2ASZ0Rs/IU3JLh5l7ankxg2zsFNBFs7tmwBEACfZb/EePObKC8tuVFl IMQaTRzm7q5THbwQvbdKdw/31cdYJaZZ7BFgnSBq2CBYDPxcm+TxvvjgNTam8kZGdEpCm3/v P1YdJSoiYbisJubV7JiAOoAmGtaDOVX5thpv28HL17wqK2d5jgqMTLFeT3hyaro5cjGAQlhT NOyfwVkdFMFLjOhGzq7aki4UZ9ieS/IedoyZvOblf79d5PV1xI0mf2w5yoHcfZRv7nwI9XMz nqlgC9/RQP7O+WfCl2pl9gyd0hc3uqUWl0ke9xHvVxlEdORH/f+OzeybYj9r80GkC6MeqiG8 qzuWO0IZZ5Gvzwkq0KgRAefr9Z/4vmyOiVhJrvk1gLp6VEdB54fUO3MG/PcnYiasRJOUwRQQ 1+q25w5i9ooZRk0LQ6oNnWbeVj+Pwn0mzL0/GjkdPsYclxzOLSlRAwkisepVl62L2m+XwXsZ j9DS3vIHEbbfCmKayBuGCXQEpJMmEnGqFLnOzv29cOutm3BnGXcWAg5aJjiV5PKEmr/4g9/E J8lphGnNCRQ2DvUzO1tlHpmT+JvDBwAgo5rfq5wjjeiS578kAgPoitOBzp/z5YM5FXX+shEd i5/ratErb9ysUfr3Z45YV3yM6MHgCpEg8+5k6fM6ey4tRnxXAYdJ4XzaSyML9fsnEg9aVaCP iRl+fuLSuF1QJf7LwwARAQABwsF8BBgBCAAmAhsMFiEER1is2Nqa/UampgQK1hDPNyHnis0F Als7trcFCQHhM8sACgkQ1hDPNyHnis0Wdw/9ERSLUHWjGW+oRJPC80RsSZO+9gbdo6AT8GP0 L3S1M60d/C4Pp9lT7sGvN31Q2h4/i1AGz2vsvjA4RUwuWI/M2F660ZmqbuLA4BbS/gjA+Wrf ZB8TDEoy7k0IO+ga0J6ENgxSOk0w1ZS+LYVrM8r7C73ZckAU2aknGOHvfIdRocpb464/JA+j kP8ENcXA0NVT17Te6K3OxpN3fBsHP7w9zbYaV3Ex3suXhLx0/+xxjLPTfwobEy3kTv5Qqumq Ph7TlXvc/9Ku4GwgAFUscLG5ZhsDULIWsRr0tyum0IYI3lpQnMykZiDCoiq7HETTwJeZPpJk PlVc7Qyy0eqcKyoiqd/ttr5tPwRFWk4OYmqzZFiZZ6sG7Zw68UXKHuhCV1MgXKPqS3M8Q6V+ nGL+ZwLE1GkvqwaPgn7uzJpfO+HzoWn3yxjNvh5plsZbM/kqCTMyByB0LQPZdjkO30GvV6dU wamblYkpytpZ5cmbIRITzsxPkOuWwXkLoz6y664JfH/Te3xVQ2rqZkuDCFrwy5nOqk92w7OY WGqyDOSL4tyCdcsXVoF5HXcHQLTv5WzCQ2MAQUW6zflyirYygTfJ3ds5mk5/J52UKEhIHPzJ Hc26Ubfvo38XuE0FJjb7xoZzCoSTpCVZ2H0f2cJOBLEVN9bnbelNlmp0m6mPAHfDrfsVR/s= Message-ID: <8b5289cf-2829-33b3-9d01-9461a3066b3e@gentoo.org> Date: Mon, 12 Nov 2018 15:47:25 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="tMyVh0w3qsah82MRGwCL11YuUDYkaUqQQ" X-Archives-Salt: 14751c25-f5e9-4975-849b-d79003d634f3 X-Archives-Hash: 127ca8eb127dfea8337d48a6f9bd774e This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tMyVh0w3qsah82MRGwCL11YuUDYkaUqQQ Content-Type: multipart/mixed; boundary="N5TqX1nptJ2G6aosKnov5GkwEbUCQHRIC"; protected-headers="v1" From: Zac Medico To: gentoo-dev@lists.gentoo.org, Michael Orlitzky Message-ID: <8b5289cf-2829-33b3-9d01-9461a3066b3e@gentoo.org> Subject: Re: [gentoo-dev] [PATCH] install-qa-check.d: Support QA{,_STRICT}_INSTALL_PATHS variables (bug 670902) References: <20181112203344.611-1-zmedico@gentoo.org> <2f93eb4a-0fdf-ac1f-d40d-81a3b6a944e9@gentoo.org> <3260d441-53d5-3016-958a-d961af9f7ded@gentoo.org> In-Reply-To: --N5TqX1nptJ2G6aosKnov5GkwEbUCQHRIC Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 11/12/18 2:34 PM, Michael Orlitzky wrote: > On 11/12/2018 04:06 PM, Zac Medico wrote: >> On 11/12/18 12:57 PM, Michael Orlitzky wrote: >>> On 11/12/2018 03:33 PM, Zac Medico wrote: >>>> >>>> QA_INSTALL_PATHS=3D( /nix ) >>> >>> That really, really, really doesn't belong there. >> >> I'm open to suggestions for alternatives. Ideas? >> >=20 > /var/lib/nix? >=20 > The idea being, to put it in the right place by default, and let people= > override it with EXTRA_ECONF if they really want to download random > binaries from strangers and run them. I recommend to add /nix to the whitelist because this is the default location for all operating systems, as shown consistently throughout the installation instructions found at https://nixos.org/nix/manual/#chap-installation. The nix manual also has this explicit warning in the "Building Nix from Source" section found at https://nixos.org/nix/manual/#sec-building-sourc= e: > Warning: It is best not to change the Nix store from its default, since doing > so makes it impossible to use pre-built binaries from the standard Nixp= kgs > channels =E2=80=94 that is, all packages will need to be built from sou= rce. --=20 Thanks, Zac --N5TqX1nptJ2G6aosKnov5GkwEbUCQHRIC-- --tMyVh0w3qsah82MRGwCL11YuUDYkaUqQQ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQKTBAEBCgB9FiEE8OgXaltWzqgSupCu0HX7jBBKPSAFAlvqEQ1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYw RTgxNzZBNUI1NkNFQTgxMkJBOTBBRUQwNzVGQjhDMTA0QTNEMjAACgkQ0HX7jBBK PSDmmQ//blsaKhxoBHhV5s8NZ6xWeoWkOYylfFbUjc7acxGGOKPeBgGm3xs8XMJ3 sduCNGOD9PevZQ8xY0aTliHv2u0G/DKnqJazU49R4g1HYVHKcSWWVl5aqC+DQx0g HY2qCk8OEFKuPnZJw5OkfOgM1zEgvbtKf+8hnh4MjWyQS+UAvjW4gu+SgNOpGPSv /haIvOxTnjosZduvjF80myS1gsJcpg6rQJXeTzgNue6VZP2O/4sOkJu5rwiGThYJ WHn0+LSYg/ouxn3fErh4kr68V1NP+ioJSbpwEvnKh3zY+J24SOuXt2FVYueXjf31 HwWNR85rlwI/WkEdA9NRwE27UjN32NpB9n86ezahCQW17RJYwomGTyNk6/plkC1k lt6SLkF65HSL6OyIV+4rq08t25AnOAixuaEnk+GKN5Odzijb4fTWVnkyCw1bzi4V TnrULid0eLyN4jeJZjMV72FV1OLBI0j5K0dY3/Egt/z2w3kIaagYCY8b2lKMH1zX p0skoS9PJDKe3hZN2iP9sqnR1fx1TSrPppYSeEKNrK92DKcZdPf/CEAzZrSyNKfP ZL/nybu8fNZR6pjJI8DPtG0czwm0UWt98bYheR/yPj2lGjOxujnUfjCMdKxykHS6 vSqYlHyZjrriW6x3sAJ/eQO7A+GWdYgzVTnJuEpQSHGKKRaFqUk= =QrTz -----END PGP SIGNATURE----- --tMyVh0w3qsah82MRGwCL11YuUDYkaUqQQ--